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(54) Integrated circuit device for use in tlie protection of multiple resources In an electronic 
assembly 



(57) An integrated circuit device (chip) 10 has lock 
circuitry (11) that controls operational enablement of a 
functional block (12) of the chip. To unlock the lock cir- 
cuitry, a "chip-key" must be supplied to the chip. The 
chip (10) is also provided with chip-key output drcuit 
(40) for outputting a chip key associated with one or 
more other chips; the chip-key output drcuit may be part 
of the functional block (12) controlled by the lock dr- 



cuitry (11) of the same chip. The chip can be used in a 
variety of forms and arrangments to provide both integ- 
rity and security in an electronic assembly. For example, 
the chip (10) can be used to output a chip key for 
unlocking other chips but only after the correct chip key 
has been supplied to the first-mentioned chip. 
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Description 

Field of the Invftntinn 

The present invention relates to integrated circuit 
devices for use in the protection of multiple resources in 
an electronic assembly. 



to unauthorised users, but which does not require the 
use of a special tamper-proof enclosure. 

Summary of the Invention 



Background of the Invention 

Various techniques are known for ensuring that 
only authorised persons can gain operational access to 
a computer. For exanple. a computer may offer pass- 
word protection whereby upon power on of the compu- 
ter or following activation of password protection (for 
example, when a user temporarily goes away from the 
computer), a predetermined password must be entered 
before the operational capabalities of the computer are 
restored. Such a system may operate, for example, by 
deactivating the keyboard controller until tiie correct 
password is input. 

It is also known to adjust the computer resources 
available to a user according to the user's authorisation 
level; this is generally achieved by having the user iden- 
tify himself/herself to tiie computer with this identify 
being authenticated by subsequent Input of a user-spe- 
cific password. 

In fact, both the foregoing arrangements provide 
only very limited protection for tfie computer resources 
in the situation where a person intending to gain unau- 
thorised access (herein referred to as an intruder) has 
physical access to tiie inside of the computer. For exam- 
ple, in the case of password protection inhibiting the 
keyboard controller, it is really only the keyboard that 
disabled and an intruder with internal physical access to 
the computer can readily bypass the keyboarcJ and use 
the other computer resources. The same is true where 
access to certain resources is password protected as 
such protection is software implemented by the compu- 
ter's main processor and an intruder with internal phys- 
ical access can. for example, readily access a 
supposedly protected hard disc drive. 

One approach to dealing with tiiis problem has 
been to reduce the possibility of an intruder gaining 
internal physical access to tiie computer. For example, 
it is common to provide physical locks on computer 
cases. More sophisticated approaches are also known, 
though generally in the context of protecting highly sen- 
sitive data; thus, it is known to provide tamper-proof 
enclosures for encryption/decryption modules storing 
encryption/decryption keys, any attempt to open the 
module resulting in destruction of the keys. This latter 
approach to providing a defense against internal physi- 
cal tampering, whilst effective, is generally very expen- 
sive and is not suitable for general application. 

It is an object of the present invention to pix>vide a 
general approach to protecting multiple resources in 
electronic equipment that may be physically accessible 



In general terms, the present invention envisages 
controlling the use of the functionality provided by a plu- 
rality of integrated circuit devices (for exanple, associ- 
ated with different resources) by requiring each of the 
10 devices to be provided with a corresponding password 
("chip key") and ananging for this to be done by having 
a first one of the devices, once itself enabled by its chip 
key. Initiate the passing of the appropriate chip keys to 
the other devices. Witii such an arrangement, an 
15 intruder having internal physical access to an item of 
equipment cannot access the resources incorporating 
the controlled devices whilst an authorised user need 
only input a single password to unlock tfie functionality 
of all resources he/she is autfiorised to use. 
20 The principle of having one device enable another 
can also be used to ensure that only certain speciffc 
devices or device types are used together. Thus if a 
device receiving a chip key from another is not the 
intended mate to the device outputting the chip key. then 
25 it can be an-anged tiiat the chip key concerned is inef- 
fective to enable the receiving device. In such an appli- 
cation, it is not, in fact, necessary for the device output 
the chip key to await for its own functionality to be ena- 
bled before it outputs the chip key to the next device. 
30 As will be seen from the following, the present 
invention finds expression both at in the form of the indi- 
vidual integrated circuit devices involved and at the level 
of an electronic assembly Incorporating multiple 
devices. 

35 Thus, according to one aspect of the present inven- 
tion tinere is provided an integrated circuit device com- 
prising a functional block for providing the device with a 
required functionality, and lock circuitry for inhibiting 
operation of this functional block until the provision to 
40 the lock circuitry, from externally of the device, of at 
least one predetermined chip key; tiie device further 
comprising chip-key output means for outputting a chip 
key associated witfi another such device. 

For applications where it is only required to ensure 
45 that a set of devices are operated together, the chip-key 
output means can be independent of the lock circuitry, 
being arranged, for example, to output tiie chip key 
associated with another device upon recrpt of an exter- 
nal trigger (such as a system reset or similar signal). 
50 However, for most applications, the chip-key output 
means will be in tiie functional block conti-olled by the 
lock circuitry In fact. In one embodiment of the inven- 
tion, the device is provided with a plurality of functional 
blocks each inhibited from operation by the lock circuitry 
55 until ttie provision to the lock circuitry, from externally of 
the device, of at least one predetermined chip key asso- 
ciated witfi the functional block concerned; in this case, 
the chip-key output means may by itself constitute one 
of the functional blocks. 
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Furthermore, two chip-key output means may be 
provided, each in a respective functional block control- 
led by the lock circuitry. In this manner, the device can 
be arranged to output a different chip key according to 
the chip key it receives itself. 

Preferably, the lock circuitry is arranged to receive 
chip keys in encrypted form over a secure link Indeed, 
in the preferred enfibodiment. the lock circuitry com- 
prises: 

- storage means for storing at least one reference 
value. 

- secure communication means for receiving an 
input from externally of the device and for subject- 
ing that input to a decryption process to produce a 
first Intermediate value, the nature of said decryp- 
tion process being such that said first intermediate 
value corresponds to the clear form of a said chip 
key when said input is that key in encrypted form. 

- means for receiving said first intermediate value 
and for performing a one-way function on it to pro- 
duce a second intermediate value. 

- comparison means for detecting a match 
between said second intermediate value and a said 
at least one reference value, and for producing a 
con-esponding enat>le signal when at least one said 
match has been detected, and 

- inhibit means for inhibiting operation of the or 
each said functional block until the corresponding 
said enable signal Is produced. 

Such an arrangment Is highly secure because the chip 
keys are not stored In clear In the device and therefore 
cannot be discovered by examination of the device 

The chip-key output means is preferak)ly also 
arranged such that the chip key output thereby is output 
In encrypted form. 

At the electronic assembly level, the present inven- 
tion envisages an electronic assemt)ly including a plu- 
rality of integrated circuit devices at least a first one of 
which embodies the invention, and at least one second 
one of which is connected to receive the chip key output 
by the chip-key output means of said first one of said 
devices, each second device comprising a functional 
block for providing that device with a required function- 
ality, and lock circuitry for inhibiting operation of the 
functional t)lock until the provision to the lock circuitry of 
the chip key from said first device. 

In one preferred arrangement, the chip-key output 
means pf the first device must be unlocked by the lock 
circuitry of the same device before it can output its chip 
key, and the electronic assemk)ly comprises a plurality of 
second ones of said devices each connected to receive 
the chip key output by the chip-key output means of the 
first devices. This embodiment provides a one-to-many 
enablement arrangement. 

In another preferred emkxxiiment. both the first 
device and a said second device are in accordance with 
the Invention and have chip-key output means that 



require unlocking, the second device being unlocked by 
receipt of the chip key output by the chip-key output 
mean of the first device. In addition, a third one of the 
devices is connected to receive the chip key output by 
5 the chip-key output means of the second device follow- 
ing unlocking of that chip-key output means, the third 
device comprising a functional block for providing that 
device with a required functionality, and lock drcuitry for 
inhibiting operation of the functional block until the pro- 
10 vision to the lock circuitry of the chip key from the sec- 
ond device. This embodiment provides a chain-form 
enablement arrangement. 

In a further preferred emobiment, the first device 
comprises two chip-key output means separately con- 
is trolled by the lock circuitry, a respective second device 
being connected to receive at least the said chip key 
output by an associated one of the said chip-key output 
means of the first device following unlocking of that 
chip-key output means. 
20 For applications where it is only required to ensure 
that a predetermined set of devices is present, an elec- 
tronic assembly may comprise a plurality of integrated 
circuit devices each having chip-key output means inde- 
pendent of the lock circuitry arxj operative to output a 
25 chip key different from the chip keys output by the other 
devices. The lock circuitry of each device is then prefer-* 
ably arranged to inhibit the functional block of the same 
device until the lock circuitry has received a said chip 
key from the chip-key output means of at least some 
30 (advantageously all) of the other devices. In this way. 
the presence of all devices can be required before the 
functional block of any device is rendered operational. 
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Brigf Description pf thg Drawings 



Integrated circuit devices embodying the invention 
and electronic assemblies incorporating such devices in 
accordance with the invention, will now t>e descrit>ed, by 
way of non-limiting example, with reference to the 
40 accompanying diagrammatic drawings, in which: 

Rgure 1 is a block diagram of an Integrated cir- 
cuit device showing the lock circuitry for 
controlling enablement of a functional 
46 block of the device; 

Rgure 2 is a diagram illustrating various 

arrangements for enabling different 
functional blocks provided in the same 
integrated circuit device; 
50 Rgure 3(a) is a diagram of a first emk>odiment of an 
integrated circuit device of the invention 
provided with lock circuitry; 

Rgure 3(b) is a diagram of a second emtxxliment 
of an integrated circuit device of the 
55 invention provided with lock circuitry; 

Rgure 3(c) is a diagram of a third embodiment of 
an integrated circuit device of the 
invention provided with lock circuitry; 
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Figure 3(cl) is a diagram of a fourth embodiment of 
an integrated circuit device of the 
invention provided with lock drcuitry; 

Figure 4(a) is a diagram of a first electronic assem- 
bly with an arrangement of integrated 
circuit devices of the Figure 3(a) form 
that senses to inhibit operation of func- 
tional blocks of all devices if any device 
is missing; 

Rgure4(b) is a diagram of a second electronic 
assembly with a one-to-many arrange- 
ment of integrated circuit devices with 
the "one" device being of the Figure 
3(b) form; 

Figure 4(c) is a diagram of a third electronic 
assembly with a chain an-angement of 
integrated drcuit devices with the 
device at the head of the chain being of 
the Figure 3(b) form; and 

Figure 4«l) is a diagram of a fourth electronic 
assembly in which an integrated circuit 
device of the Figure 3(d) form controls 
two futher integrated arcuit devices. 

Bgst IWode of Carrvinff Oii t the invflnt i^n 

Before describing an embodiment of an integrated 
circuit device provided with chip-key output means in 
accordance with the invention, an integrated circuit 
device will bedescrlbed. with reference to Figures 1 and 3o 
2. that has a functional block controlled by lock drcuitry 
The integrated drcuit device of Figures 1 and 2 forms 
the subject mater of our coi5ending European Appiica- 
tron filed the same date and entitled "Integrated Circuit 
Device with Function Usage Ck)ntror 35 

Tlie integrated circuit device 10 (hereinafter "chip-) 
shown in diagrammatic form in Figure 1 comprises tock 
circuitry 11 controlling operational enablement of a 
functional block 12 (Figure 1 is not intended to accu- 
rately represent the relative chip areas occupied by the 4o 
circuitry 1 1 and functional block 12). Functional block 12 
may. for example, be a data compression engine for 
compressing / decompressing externally supplied data 
or part of a disk-drive controller. 

The functional block 12 is connected to external 4s 
data, address and control lines 13. 14. 15 through exler- 
nal chip contacts (not explicitly shown). The block 12 
operates in standard manner with the reception that for 
Its operation it needs to be supplied with a signal on line 
16 coming from the lock drcuitry 11. In the present so 
example, the required signal on line 16 is an external 
clock signal delivered over control line 1 7 to a gating dr- 
cuit 18 of the lock drcuitry 1 1 . When the gating circuit is 
fed with an enable signal on line 19. the external dock 
signal is passed to the block 12 enabling its operation; in 
the absence of an enable signal on line 19. the block 12 
is internally non-operational. 

To unlock the lock circuiti-y 1 1 to enable block 12 a 
predetermined password (chip-key) must be supplied'to 
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the lock drcuitry 1 1 from externally of the chip 10. Two 
particular measures are taken to ensure the confidenti- 
ality of this chip-key First, the chip-key is passed to the 
chip 10 in encrypted form, the encrypted chip-key being 
decrypted in the lock drcuifry 11. To this end. the lock 
drcuitry comprises a secure communication block 20 
that communicates with the outside world over serial 
input and output lines 21 . 22. The blod< 20 inplements, 
for exarrple, the well-known Diffie-Hellman Key 
Exchange algorithm (see. for example, "Network and 
Internetwork Security", p.342, William Stallings Pren- 
tice Hall International. 1995); by operating this public 
key algorithm with one-time cryptographic keys, a chip- 
key can be passed to the chip 20 in a confidential man- 
ner that is proof against a replay attack. 

When tfie secure communications block 20 is fed 
with an encrypted chip-key it decrypts the chip-key and 
temporarily outputs the chip-key as first intermediate 
value I VI. 

The second measure taken to ensure the confiden- 
tiality of the chip-key. is that a copy of the chip-key is not 
stored as such in chip 10 for comparison against the 
input chip-key Instead, a signature of tiie correct chip- 
key for the chip concerned is stored in register 25 of the 
lock drcuitry. this signature being a value formed by 
subjecting the dear form of the chip-key to a one-way 
function. This one-way function is, for exanple. a one- 
way hash function such as effected the Secure Hash 
Algoritiim SHA (see page 276 of the aforesaid refer- 
ence "Network and Internetwork Security"). Were an 
intruder able gain access to register 25 in a manner per- 
mitting its contents to be read, this would not compro- 
mise the chip-key as it wouW not be computationally 
feasible to determine the latter from its signature held in 
register 25. 

In order to ascertain whettier an input chip-key is 
the con'ect one to unlock the particular chip 10 con- 
cerned, the lock drcuitry further comprises a one-way 
function Hock 26 that subjects the chip-key output as 
IV1 from block 20 to the one-way function (in this case 
the SHA) used to form the chip-key signature heki \n 
register 25. The resultant intermediate value IV2 output 
by block 26 is then compared in comparison block 27 
with the signature stored in register 25; if a match is 
found, the corrparlson block 27 outputs an enable sig- 
nal on line 19 to cause operational enablement of the 
functional block 12. The comparison block latches the 
enable signal In the sense that once this signal is gener- 
ated, It remains present notwithstanding removal of the 
correct IV2 value, until the chip is de-energised (or 
some other condition is achieved). 

The chip-key signature stored in register 25 may be 
set in permanentiy at the time of manufacture or. as in 
the present exanple. written in subsequentiy (the regis- 
ter in this case being for example. Flash or EEPROM 
memory). To control this latter process, the chip 10 is 
provided with a write control circuit 28 interposed 
between the data lines 14 and the register 25. In order 
to write to the register 25. the required chip-key signa- 
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ture value is placed on the data lines 14 and a write- 
enable signal is passed on line 29 to the write control 
circuit 28. Additionally, the write control circuit 28 is 
arranged only to enable writing to the register 25 either 
if its contents are all zeroes (indicating that no chip-key 5 
signature has yet been written in) or if the lock circuitry 
is cun^ently in its unlocked state (as indicated, for exam- 
ple, by the presence of a signal on line 30 from the com- 
parison block 27). 

Once the required chip-key signature has been 
written to the register 25. further writing to the register 
could be prevented by providing a fusible link in the 
write control circuitry 28. the link being blown upon 
application of an appropriate external signal on line 31 . 

Typically, the chip key in clear form may have a 
length of IK bits. 

Although in Rgure 1 the chip 10 is shown with only 
one functional block 12 controlled by the lock circuitry 
1 1 . a number of such blocks may be provided typically 
each with different functionality. Such an arrangement is 
shown in Figure 2 for five functional blocks 12A to 12E. 
In this case a respective gating circuit 1 8 is associated 
with each functional block and the register 25 is 
replaced by a register block 35 storing signatures for a 
plurality of different chip-keys associated with particular 
ones of the fonctional blocks. In Figure 2. these signa- 
tures are designated H(K1) to H(K6). corresponding to 
the hash of chip-keys K1 to KB respectively. When pre- 
sented with an intermediate value IV2, the comparison 
block 27 now searches for a match amongst the signa- 
tures H(K1) to H(K6) stored in register block 35 and 
upon finding a match takes appropriate action in respect 
of the associated functional block. 

In the Figure 2 example, for functional blocks 12A, 
12B. 12c a single respective signature H(K1). H(K2), 
H(K3) is Stored in register block 35 and upon signal IV2 
taking on a corresponding value, the comparison block 
27 outputs an enat)le signal to the appropriate func- 
tional block. The functionality of the blocks 12 A. 12B 
and 12c can thus be selectively enabled according to 
the input chip-key and this permits different functionality 
to be made available to different users. 

The enablement of block 1 2D is more involved than 
for blocks 1 2A.B.C. In this case, not only must signal IV2 
take on the correct value corresponding to tiie stored 
signature H(K4) for block 12D. but block 12C must also 
have first been enabled. This is achieved by having the 
gating circuit 18 associated with the block 12D only ena- 
ble the latter upon receipt of enable signals both from 
the comparison block 27 and from the block 12C, the 
latter only supplying such a signal when itself enabled. 
This general arrangement permits a hierarchical access 
scheme to be implemented by which each level has a 
corresponding chip-key and users can only enable func- 
tional blocks up to a level in the hierarchy tor which tiiey 
have the correct chip-keys. 

Enablement of functional trfock 12E requires the 
input of two encrypted chip-keys K5, K6 (possibly in 
direct succession), the register block 35 storing the cor- 



responding signatures H{K5). H(K6) of both chip-keys. 
In this case, the comparison block 27 when identifying a 
match for a first one of the chip-keys, must remember 
this fact and await detection of a match for the second 
one of the chip-keys before outputting an enable signal 
to the gating circuit 18 associated with functional block 
12E. 

It will be appreciated that the different approaches 
described above for enabling blocks 12A-C, block 12D. 
and block 1 2E can be used in any desired combination 
as required. It wilt also be appredated that the chip 10 
can be provided with one or more functional blocks that 
are not controlled by the lock circuitry 1 1 . such blocks 
being unconditionally available for use. 

Figure 3 illustrates four forms of integrated circuit 
device 10 embodying tiie invention, each including lock 
circuitry, such as the previously described lock circuitry 
1 1, and a functional block 12 controlled by the lock cir- 
cuitry. For clarity, in Figure 3 (and also in Figure 4) only 
the input connection to tiie lock circuitry 1 1 of each chip 
1 0 has been shown, this connection being represented 
by a single line (generally, it will be two lines as shown 
in Rgure 1 as two-way communteation is required for 
the secure communication process operated by the Rg- 
ure 1 lock circuitry). Again, for clarity, each chip is 
shown as having only one main functional block 12 con- 
trolled by the lock circuitry 11 (though as will be 
explained below, a second block 40 may in certain 
cases also be controlled by the lock circuitry). 

Each embodiment of the invention shown in Figure 
3 includes a chip-key output ciruit 40 which when ena- 
bled is operative to output a chip key associated with 
another chip. This output may be in encrypted form 
using a secure communications arrangement (such as 
employed in the Figure 1 lock circuitry) or may use a 
lower level of security, depending on application. 

Rgure 3(a) shows a first form of chip 10 embodying 
the invention in which the chip-key output circuit 40 is 
independent of the lock circuitry 11, being enabled 
immediately upon energisation of the device and trig- 
gered to output its chip key by an external signal such 
as a reset signal. 

Rgure 3(b) shows a second form of chip 10 emtxxJ- 
ying the invention in which the chip-key output circuit 40 
forms part (or possibly all) of tiie functional block 12 
controlled by the lock circuitry 12. In this embodiment, 
upon the fonctional block 12 becoming enabled, the 
chip-key output circuit 40 outputs its chip key. 

Rgure 3(c) shows a third form of chip 10 embody- 
ing the invention in which the chip-key output circuit 40 
forms a functional block controlled by the lock circuitry 
1 2 separately from the main functional block of the chip; 
in this case, the block 12 and circuit 40 may become 
enabled by the receipt of different chip keys by the lock 
drcuitry. Upon tiie chip-key output drcuit 40 becoming 
enabled, it outputs its chip key. 

Rgure 3(d) shows a fourth form of chip 1 0 embody- 
ing the invention in which two chip-key output drcuits 40 
are provided, each controlled as a functional block by 
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the lock circuitry 12 such as to become enabled by the 
receipt of different chip keys by the lock circuitry. Upon 
either chip-key output circuit 40 becoming enabled, it 
outputs its chip key (the chip keys output by each drcuit 
40 will genreally be different). 

It will be appreciated that variants of the Figure 3 
chip forms are possible; for example, in Figure 3(d) chip, 
more than two chip-key output circuits could be pro- 
vided and each may form part of a block 12 possessing 
additional functionality. 

Figure 4 shows four possible arrangments of the 
Figure 3 chips in an electronic assembly, these an-ang- 
ments being merely illustrative of the wide range of pos- 
sible arrangements. 

In the Figure 4(a) an-angement. three chips 10 of 
the Rgure 3(a) form each have their lock circuitry 
arranged to receive the chip keys output by the circuits 
of the other two chips. The lock circuitry 1 1 of each chip 
is such that it requires the chip keys from the other chips 
before it enables the associated functional block 12. 
With such an arrangment, the absence of any one chip 
prevents the functional blocks of the other chips from 
being enabled. The chip keys can be chosen to be spe- 
cific to particular chips or particular chip types. 

In the Figure 4(b) arrangement, a chip of the Rgure 
3(b) form is used to enable two further chips. These fur- 
ther chips need not themselves be provided with a chip- 
key output circuit (though, of course, such functionality 
could be present). This arrangement provides a one-to- 
many enablement arrangement. 

In the Figure 4(c) arrangement, a first chip of the 
Figure 3(b) form is arranged to output a chip key to ena- 
ble the functional block of a second chip also of the Fig- 
ure 3(b) form; this latter chip is in turn arranged to output 
a chip key for enabling the functional block of another 
chip. This arrangement provides a chain of enablement 
that can be extended as required. 

TTie Figure 3(c) form of chip could be used in place 
of the Rgure 3(b) form of chip in both the Figure 4(b) 
and Figure 4(c) arrangements. 

In the Figure 4(d) arrangement, a chip of the Figure 
3(d) form Is used to independently enable two further 
chips in dependence on the receipt of the appropriate 
chip key by the lock circuitry of the Figure 3(d) chip. 

It will be appreciated that in the foregoing Figure 4 
arrangments. where different chip keys are to be 
passed to different chips, this can be done over the 
same communication lines since passing a chip key to a 
chip for which it is not intended simply means that the 
chip will iaW to respond. Of course, appropriate meas- 
ures would be needed for sharing a common coomuni- 
cation link. 

In all of the Figure 4 arrangements, the master or 
head chip (the leftmost chip) may be supplied with a 
chip key over a communications link or from a local 
input device such as a smart carcl reader. 

It will be appreciated that various modifications may 
be made to the described embodiments of the present 
Invention. For example, the lock circuitry may differ from 



that described with respect to Figure 1 depending on 
the level of security required; in some applications, for 
example, it may be acceptable simply to store the pass- 
word in dear in the chip and even to omit the secure 

5 communications means. In fact for the an-angements 
shown in Figures 4(b) to 4(d). a preferred option is to 
provide the head chip (the leftmost chip) with lock cir- 
cuitry of the Figure 1 form whilst using less secure 
arrangements for the other chips. For the Figure 4(a) 

10 arrangement, lock drcuitry of a lower level of security 
than offered by the Figure lock circuitry will generally be 
appropriate. The chip-key output means 40 has its 
security level matched to that of the lock drcuitry with 
which it interliaces. 
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Claims 

1 . An integrated circuit device comprising a functional 
block for providing the device with a required func- 
tionality, and lock drcuitry for inhibiting operation of 
said functional block until the provision to the lock 
drcurb'y, from externally of tiie device, of at least 
one predetermined chip key; said device further 
comprising chip-key output means for oulputting a 
chip key associated with another said device. 

2. A device according to claim 1, wherein said chip- 
key output means is independent of said lock cir- 
cuitry. 

3. A device according to daim 1, wherein said func- 
tional block controlled by the lock circuitry com- 
prises said chip-key output means. 

A device according to claim 3. wherein the device is 
provided with a plurality of said functional blocks 
each inhibited from operation by said lock circuitry 
until the provision to the lock circuitry, from exter- 
nally of tiie device, of at least one predetermined 
chip key assodated with the functional block con- 
cerned, one said functional block comprising said 
chip-key output means. 



5. A device according to claim 4, wherein at least two 
45 said functional blocks comprise respective said 
chip-key output means for outputting respective 
chip keys when ttie functional block ceases to be 
inhibited by said lock drcuiti-y. 



30 



35 4. 



50 



55 



6. A device according to any one of claims 1 to 5. 
wherein said lock circuitry includes secure commu- 
nication means for receiving said at least one pre- 
determined chip key In encrypted form from 
externally of the device. 

7. A device according to any one of claims 1 to 5, 
wherein said lock circuitry comprises: 



6 



11 



EP0 743 603A1 



12 



storage means for storing at least one refer- 
ence value. 

-- secure communication means for receiving 
an input from externally of the device and for 
subjecting that input to a decryption process to 
produce a first intermediate value, the nature of 
said decryption process being such that said 
first intermediate value corresponds to the 
clear form of a said chip key when said input is 
that key in encrypted form. 
" means for receiving said first intermediate 
value and for performing a one-way function on 
it to produce a second intermediate value, 

- comparison means for detecting a match 
between said second intermediate value and a 
said at least one reference value, and for pro- 
ducing a corresponding enable signal when at 
least one said match has been detected, and 

- inhibit means for inhibiting operation of the or 
each said functional block until the correspond- 
ing said enable signal is produced. 



20 



ing operation of said functional block until the provi- 
sion to the lock circuitry of said chip key from said 
first one of said devices. 

12. An electronic assembly including a plurality of inte- 
grated circuit devices, both a first one and a second 
one of said devices being in accordance with daim 
3 with said second device being connected to 
receive the said chip key output by the said chip-key 
output means of said first one of said devices fol- 
lowing unlocking of that chip-key output means: 
said plurality of integrated circuit devices including 
a third said device connected to receive the said 
chip key output by the chip-key output means of the 
said second device following unlocking of that chip- 
key output means, said third device comprising a 
functional block for providing that device with a 
required functionality, and lock circuitry for inhibiting 
operation of said functional block until the provision 
to the lock circuitry of said chip key from said sec- 
ond device. 



8. A device according to claim 1 . wherein said chip- 
key output means is such that the said chip key out- 
put thereby is output In encrypted form. 

9. An electronic assembly, including a plurality of inte- 
grated circuit devices, a first one of said devices 
being in accordance with daim 1 and at least one 
further one of said devices being connected to 
receive the said chip key output by the said chip-key 
output means of said first one of said devices, each 
said at least one further one of said devices com- 
prising a functional block for providing that device 
with a required functionality, and lock drcuitry for 
inhibiting operation of said functional block until the 
provision to the lock circuitry of said chip key from 
said first one of said devices. 

10. An electronic assembly, including a plurality of inte- 
grated circuit devices in accordance with daim 2, 
the said chip-key output means of said devices 
being operative to output different said chip keys, 
and the said lock drcuitry of each device inhibiting 
the said functional k>lock of the same device until 
the lock circuitry has received a said chip key from 
the chip-key output means of at least some of the 
other said devices. 

11. An electronic assembly including a plurality of inte- 
grated drcuit devices, a first one of said devices 
being in accordance with claim 3 and a plurality of 
second ones of said devices being connected to 
receive the said chip key output by the said chip-key 
output means of said first one of said devices fol- 
lowing unlocking of that chip-key output means, 
each of said second ones of said devices conrtpris- 
ing a functional block for providing that device with 
a required functionality, and lock drcuitry for inhibit- 



13. An electronic assembly, including a plurality of inte- 
grated circuit devices, a first one of said devices 

25 being in accordance with daim 5 and a respective 
second one of said devices being connected to. . 
receive at least the saKi chip key output by an asso- 
dated one of the sakf chip-key output means of 
said first one of said devices following unlocking of . 

30 that chip-key output means. 

14. An electronic assembly according to any one of 
claims 11 to 13. wherein the lock circuitry of said 
first device comprises:. 

~ Storage means for storing at least one refer- 
ence value, 

-- secure communication means for receiving 
an input from externally of the device and for 

40 subjecting that input to a decryption process to 

produce a first intermediate value, the nature of 
said decryption process being such that said 
first intermediate value corresponds to the 
dear form of a said chip key when said input is 

45 that key in encrypted form. 

- means for receiving said first intermediate 
value and for performing a one-way function on 
it to produce a second intermediate value. 

- comparison means for detecting a match 
so between said second intermediate value and a 

said at least one reference value, and for pro- 
ducing a corresponding enable signal when at 
least one said match has been detected, and 

- inhibit means for inhibiting operation of the or 
55 each said functional block until the correspond- 
ing said enable signal is produced. 

15. A device according to any one of claims 11 to 13. 
wherein the or each said chq^-key output means of 
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said first device is such that the said chip key output 
thereby is output in encrypted form, the lock cir- 
cuitry of the corresponding said second device 
including means for decrypting the chip key on 
receipt. ^ 

Amended Claims 

1. An electronic assembly, including a plurality of 
integrated circuit devices, a first one of said devices io 
comprising: 

- a functional block for provkling the device 
with a required functionality. 

- lock circuitry for inhibiting operation of said is 
functional block until the provision to the lock 
circuitry, from externally of the device, of at 
least one predetermined chip key, and 

chip-key output means for outputting a chip 
key associated with another said device; 20 

and a second one of said devices being connected 
to receive the said chip key output by the said chip- 
key output means of saki first one of said devices, 
said second one of said devices comprising : 2s 

- a functional block for providing that device 
with a required functionality, and 

- lock circuitry for inhibiting operation of said 
functional block of the same device until the 30 
provision to the lock circuitry of said chip key 
from said first one of said devices. 

2. An electronic assembly according to claim 1. 
wherein for said first one of said devices, said chip- 35 
key output means is independent of said lock cir- 
cuitry. 

3. An electronic assembly according to claim 1, 
wherein for said first one of said devices, said func- 40 
tional block controlled by the lock circuitry com- 
prises said chip-key output means. 

4. An electronic assembly according to claim 3, 
wherein said first one of said devices comprising at 4S 
least two said functional blocks each comprising a 
respective said chip-key output means for output- 
ting respective chip keys when the functional block 
ceases to be inhibited by said lock circuitry, there 
being at least two said second ones of said devices so 
to which are passed respective ones of said chip 
keys output by the said first one of said devices. 

5. An electronic assembly according to claim 2 or 
claim 3, including a plurality of said second ones of ss 
said devices each connected to receive the chip 
key output by said first one of the devices. 



6. An electronic assembly according to claim 3, 
wherein the said functional block of said second 
one of the devices includes chip-key output means 
for outputting a respective chip key when the fonc- 
tional block ceases to be inhibited by said lock cir- 
cuitry, a third one of said devices being connected 
to receive the said chip key output by the said chip- 
key output means of said second one of said 
devices, and said third one of said devices compris- 
ing: 

- a functional block for providing that device 
with a required functionality, and 

" lock circuitry for inhibiting operation of said 
functional block of the same device until the 
provision to the lock circuitry of said chip key 
from said second one of saki devices. 

7. An electronic assembly according to daim 1, 
wherein the lock circuitry of said first device com- 
prises: 

- storage means for storing at least one refer- 
ence value, 

" secure communication means for receiving 
an input from externally of the device and for 
subjecting that input to a decryption process to 
produce a first intermediate value, tiie nature of 
said decryption process being such that said 
first intermediate value corresponds to the 
clear form of a said chip key when said input is 
that key in encrypted form. 
" means for receiving said first intermediate 
value and for performing a one-way function on 
it to produce a second intermediate value, 
-- comparison means for detecting a match 
between said second intermediate value and a 
said at least one reference value, and for pro- 
ducing a corresponding enable signal when at 
least one sa\6 match has been detected, and 

- inhibit means for inhibiting operation of the or 
each said functional block until the con-espond- 
ing said enable signal is produced. 

8. A device according to claim 1. wherein the said 
chip-key output means of said first device is such 
that the said chip key output thereby is output in 
encrypted form, the lock circuitry of tfie second 
device including means for decrypting the chip key 
on receipt. 
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FIG. 3(a) 



10 



11 







12 






LOCK 






CTRY 








CHIP 






KEY 






O/P 





FIG. 3 (b) 




FIG. 3(c) 




FIG. 3(d) 



10 



\ 



11 



LOCK 
CTRY 



40A\ 



CHIP 
KEY 
O/P 



CHIP 
KEY 
O/P 



40B' 



11 



EP0 743 603A1 



FIG. 4(a) 
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